XWiki Platform / XWIKI-11310

The password security is different from one page to another and can be skipped


    Description

      This issue concerns security and UI

      I was searching for how to set a regex check on user passwords in order to increase security in my wiki and found that it can be overrun quite easily.

      At the moment we can set a user's password in different ways, which all have their own password quality checks:

      1. Registration => XWiki/Registration
      2. Password recovery => XWiki/ResetPasswordComplete
      3. Admin user creation process => XWiki/XWikiPreferences?editor=globaladmin&section=Users#
      4. Password modification by the user himself => XWiki/PROFIL?xpage=passwd

      From a quality POV, some have regex checks, and some have no check except that the password and the retyped password match.

      From a UI POV, some checks need to reload the page and some don't, and some display errors in a modal while others display them directly in the form while writing.

      It would be best to use only one script to check the password quality in all places, since at the moment your password can be one letter long and modifying the checks takes 4 times the time.


            People

              surli Simon Urli
              jcoury Jean Coury